Last year, a Cofense™ customer wanted to show his board the results of his phishing-defense program. Specifically, the customer was looking for a board-report template. The customer did a quick Google search and found…nothing.
Well, that wasn’t going to work. So, we created the industry’s first phishing-defense report for boards of directors. Today, over 25% of our thousands of customers use the presentation-friendly report. It shows the state of a company’s phishing awareness as measured in simulation training, where employees receive simulated phishes to help them spot and report the real thing.
And the report isn’t just for boards. Cofense customers use it to brief the C-suite or their peers in IT. Sometimes, customers use it for themselves.
Now More than Ever, Boards Want This Information
A look around the landscape shows why board reporting is popular. Boards want scorecards to measure security, including phishing defense. Increasingly, they focus on detection and recovery, versus tech-driven perimeter security, knowing that cyber-security is part of their broader effort to lower risk.
As noted in Forbes, when it comes to cyber-security, board members are now decision-makers, influencing security budgets; change agents, pressing the need for higher standards; and (like all of us) targets. A NYSE report shows that 60% of board members use personal email to communicate with fellow members [1], making them vulnerable to phishing—and, let’s hope, aware of the need to take precautions.
With that in mind, let’s take a look at what Cofense customers are saying about our report.
“A Great Snapshot for Our Executives.”
When we developed the board report, we tried to make it a quick, clear read. So far, customers are giving it a big thumbs up for being easily digestible. As you can see in the Phishing Defense Dashboard above, at a glance board members can grasp a program’s overall performance.
“Clearly Demonstrates Our Phishing Resiliency and Where We Can Improve.”
Besides an executive summary, we show phishing resiliency rates over time—that is, the ratio of users who reported a phishing simulation without falling susceptible to users who were fooled by the email. We also give an analysis of employees who click repeatedly, along with cross-industry resiliency rates to put a customer’s performance into context. It’s easy to see a company’s performance, in particular what’s going well and what needs shoring up.
“Love the Industry Comparisons.”
In the report’s second part, the Resiliency Comparative Analysis, we drill down into more context: industry benchmarking. The sample here is from the financial services industry. We show overall industry data, a comparison of the sample company to the industry, and a detailed analysis of 21 industries. Naturally, boards zoom in on their own industries, but zooming out is useful, too. Everyone gets phished. How are other sectors doing?
“The ‘Understanding Your Report’ Section Was Really Helpful.”
After launching the report, we realized the need to explain the data it contains. That’s why we developed the one-page Understanding Your Report. It defines terms the report uses—susceptibility, reporting, resiliency—and offers a guide to each section. Besides noting what each section shows, we tried to give useful insights. For example, here’s how we describe All Industries Resiliency Trends by Year:
This section illustrates the average resiliency, susceptibility, and reporter rates of all Cofense clients for the previous 4 calendar years. This graph will typically show susceptibility rates go down while reporter and resiliency rates go up over the years.
“Gives the High-Level ROI Analysis Our Leadership Needed.”
More than anything, the report gives a sense of return on investment. Sure, most everyone knows that phishing is a problem, but so are lots of things. Phishing defense fights for budget dollars like everything else. It’s crucial to demonstrate, in measurable ways, that your program is worth it.
Need help in launching or refining your program? The Cofense Professional Services team is here to lend a hand—learn more about what we do. You can request a board report from your Cofense PhishMe™ dashboard or in Cofense Community.
[1] Forbes.com, April 2017.